cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

226
 
 
The original post: /r/cybersecurity by /u/Novel_Negotiation224 on 2024-11-13 16:55:51.
227
 
 
The original post: /r/cybersecurity by /u/Ok-Bug3269 on 2024-11-13 01:03:21.

I’m nearing the end of a master’s degree in cybersec (undergrad was in it as well) and transitioning from my first job as a SOC Analyst.

I feel I’m in a position where I have a relatively deep understanding of the industry in addition to commonalities. I want to increase my public presence regarding knowledge I’ve accumulated.

I want to speak to a younger crowd, maybe middle schoolers or high schoolers about the industry and what they can do if they want to pursue this path. How exactly could I go about this?

228
 
 
The original post: /r/cybersecurity by /u/nn11nn22 on 2024-11-12 22:25:11.

I just started my job as an OT cybersecurity analyst and am thinking of going for ISA62443 out of my pocket. Is it worth it?

229
 
 
The original post: /r/cybersecurity by /u/Golf-and-wow on 2024-11-12 22:16:41.

Has anyone been through the transition out of SAP Security & GRC into Cyber? Looking specifically at InfoSec, but I am not sure which area of security has the most transferable skills.

Outside of SAP, I currently help our InfoSec team with reporting out of CyberArk, Nessus, Proofpoint and Crowdstrike. Also helping the team with maturing our DLP program and I manage a tool called Onapsis which is a popular patch and vulnerability management tool specifically for SAP.

In general I am just wondering how hard is it going to be to pivot and what kind of skills do I need to focus on to have a chance of getting interviews.

230
 
 
The original post: /r/cybersecurity by /u/MesSiuu38 on 2024-11-12 21:07:35.

Hi guys, I'm new to cybersecurity and IT in general and I stumbled across this course:

https://www.coursera.org/professional-certificates/microsoft-cybersecurity-analyst?irclickid=0hmUsNWw5xyKTtkS-wWZQRoeUkCTqSUtEwIgwA0&irgwc=1&utm_medium=partners&utm_source=impact&utm_campaign=2279809&utm_content=b2c

Is this really free or is there a hidden paragraph where you pay some money?

Thanks in advance!

231
 
 
The original post: /r/cybersecurity by /u/m0wax on 2024-11-12 21:06:40.

The organisation I work for has about 1600 staff and ~600 servers. Client devices are typically Windows 10 and the server estate is a mix of Windows Server and Linux. The C-Suite have decided that we should have Crowdstrike on our client estate and Microsoft Defender for Endpoint on our server estate, the reasoning being that out of the box if one EDR doesn't pick up the bad guy, then the other one will. However, several Red Team exercises over the last 18 months have shown that they will quite easily use the same techniques and manage to bypass both of them. This means that we are having to write custom detections in KQL and then again in FQL, which defeats the purpose of having two EDRs and doubles the amount of work our engineers need to do.

What do you do at your organisation, do you have one or two EDRs? Do you think it's sensible to have two?

232
 
 
The original post: /r/cybersecurity by /u/arqf_ on 2024-11-13 13:47:01.

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. - https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

233
 
 
The original post: /r/cybersecurity by /u/spucamtikolena on 2024-11-13 13:14:33.

A load of new vulnerabilities for Ivanti. Old PSA appliances did not get a patch. Article says they don't qualify.

Currently the EOS/EOL article states: End of Support - December 31, 2024 End of Life - December 23, 2025

They changed this recently from End of Support and Life - December 23, 2025

If you googled "what is the end of support date for Ivanti PSA hardware" until about 2 hours ago, Google would still give you the old answer.

What the f**k??

234
 
 
The original post: /r/cybersecurity by /u/GSaggin on 2024-11-13 11:05:18.
235
 
 
The original post: /r/cybersecurity by /u/Powerful-Movie9438 on 2024-11-13 10:00:15.

Hey everyone, this is our survey for our capstone project. Would appreciate it if you could spare some time and give your opinion.

https://docs.google.com/forms/d/e/1FAIpQLScpoVZq-rxkT0GJ2H0jS5iQ6n1-NKSKW7jRnoYvVe2sh07qng/viewform?usp=sf_link

236
 
 
The original post: /r/cybersecurity by /u/NISMO1968 on 2024-11-13 09:48:26.
237
 
 
The original post: /r/cybersecurity by /u/Several_Today_7269 on 2024-11-13 09:25:40.

Hi mates, I check some sites for controlling security but notice that some of them are not in SSR but CSR, so can a WAF (or another thing) protect them? Or are they too weak against SQL injection or other attacks?

238
 
 
The original post: /r/cybersecurity by /u/Impressive-Blood-580 on 2024-11-13 08:45:40.

Hey everyone. I'm currently a sophomore college student and I'm transferring to RIT next semester for a cybersecurity bachelor's. I've been doing cybersecurity certs for 6 months and I hold some certs:

- Security+
- Network+
- Splunk Core User
- Splunk Power User
- BTL1
- CDSA
- PJSA
- Linux+ (In Progress)

I'm also planning to take a Palo Alto cert, PCNSA, so I can learn some firewall stuff, and then I will start doing cloud certs. To be honest, I think a lot about what certs would be good to take, but I don't care right now about what certs I have, I care more about learning advanced skills and doing projects. I'm trying to find resources to learn some advanced SOC analyst skills but I haven't found any so far. My question is: where can I find resources to learn some advanced skills, or are there any advanced certs that I can take?

239
 
 
The original post: /r/cybersecurity by /u/cyberkite1 on 2024-11-12 23:33:48.

In today’s digital landscape, the Zero Trust cybersecurity model, pioneered by John Kindervag, is revolutionizing how organizations defend against cyber threats. Unlike traditional “perimeter defense” models, which trust internal networks, Zero Trust operates on the principle of never trust, always verify. This approach ensures that every part of a network is equally protected, minimizing risk and potential breaches.

Zero Trust’s unique focus on protecting the “Protect Surface” – critical assets like data, applications, and infrastructure – flips the script on cyber defense. Rather than reacting to external threats, it prioritizes securing internal resources. This five-step approach has gained traction, even reaching U.S. federal cybersecurity mandates.

A real-world example underscores its importance: even a Swiss dairy farmer suffered a ransomware attack that compromised vital data. Cyber threats today affect everyone – not just large corporations but small businesses, farms, and critical infrastructure.

For organizations, the message is clear: cybersecurity isn’t just a technical necessity; it’s essential to business resilience and success. Taking a proactive approach, like adopting Zero Trust, can save companies immense legal and recovery costs down the line.

The question arises: Does Zero Trust still work? Is there something better?

Read more on this in this article: https://www.wired.com/sponsored/story/how-the-creator-of-zero-trust-developed-todays-most-robust-cybersecurity-strategy/

240
CVE publishing
 
 
The original post: /r/cybersecurity by /u/blackwidow_under on 2024-11-12 20:57:01.

I work for a company and came across a vendor product that stores highly sensitive data and provides access to multiple companies. I discovered a security vulnerability in the vendor’s product, discussed it with them, and they acknowledged the issue. However, they mentioned that a complete fix would require changes from their customers as well, making it a complex solution.

My vulnerability disclosure included a 30-day confidentiality period, so the vendor agreed to notify affected customers and publish the issue in their security bulletin. However, they refused to file a CVE, as they don’t want global awareness of the issue. Since my company is not their customer and also not their CNA, I’m unsure how to proceed with publishing a CVE. Raising a CVE would help spread awareness among users and potential customers, especially given the sensitive data the vendor handles. How can I find a way to publish a CVE in this situation? Any advice would be greatly appreciated.

241
 
 
The original post: /r/cybersecurity by /u/Oompa_Loompa_SpecOps on 2024-11-12 20:21:57.

Hi Folks,

tl;dr: What are things you did not know (about yourself, the team, the subject, whatever comes to mind really) but in hindsight would have preferred to know when / before getting into cybersecurity in general and incident response in particular?

Long story: I have some 13 years experience in varying disciplines under my belt, starting with project management and consulting in the Oracle middleware realms, which in recent years converged more and more on infrastructure and security. The past two-ish years I have been at an operator of critical infrastructure with some 50.000 employees, not in Security directly, but working as a key liaison between cybersecurity and the rest of the IT department. During that time I also became part of the IT crisis team and spent a very long weekend as part of the team responding to a certain bird (ahem) crapping on thousands of endpoints and servers.

I've always felt somewhat drawn to the security realm, though more out of personal interest than professional ambition. Anyways, that changed and recently I started thinking about in what ways I could add value in our cyber sec teams, with the goal of eventually pitching that to someone high up the chain there whom I get along with very well on a personal level.

Well that didn't exactly happen as planned because he called me out of the blue the other day and asked me if I wanted to lead the incident response team in our SOC. Apparently, the current team lead gave his notice and I was the first person internally he thought of as a suitable replacement. Focus would be functional leadership and further developing standards and toolchain, not regularly digging into active incidents myself.

We'll have a call next week to discuss further. In order to prepare myself and ask myself the right questions, I would appreciate your help:

What are things you did not know (about yourself, the team, the subject, whatever comes to mind really) but in hindsight would have preferred to know when / before getting into cybersecurity in general and incident response in particular?

Thanks!

242
 
 
The original post: /r/cybersecurity by /u/Delicious_Order_8954 on 2024-11-12 19:50:46.

I finish my Master's in Cybersecurity this December and am actively looking for full-time roles. I have 1+ years of prior experience working as a Full-Stack developer and 8 months of work experience in a cybersecurity research internship. Unfortunately, the internship focused more on development rather than cybersecurity but I was able to use tools such as MITRE Caldera and ELK which was a plus. I also possess a CompTIA Security+ certification which I did so I could pass my resume through the HR filter.

Rather than being a jack of all trades in cybersecurity, I want to specialize and position myself for Cloud Security and DevOps/DevSecOps roles. I have hands-on experience with AWS, GCP, and other cloud providers by doing home labs. I have also done projects to familiarize myself with multiple DevOps tools such as Terraform, Ansible, Docker, Kubernetes, GitHub Actions, etc.

To further strengthen my profile, I wish to do a certification from a reputed cloud provider. AWS is my first choice as it is one of the most popular. I want an associate-level certificate and was recommended to obtain the AWS Certified Solution Architect (SAA) certification by a friend who has done his AWS Certified Cloud Practitioner (CCP) certification.

Before I go ahead and purchase a course or study material to start preparing, I wish to have a second opinion from this subreddit. If there is another cloud certification which would be more appropriate for me, then I welcome your suggestions. Thank you all for taking the time to read this post, I look forward to the subreddit's response.

243
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-11-12 19:47:34.
244
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-11-12 19:45:33.
245
 
 
The original post: /r/cybersecurity by /u/Abject_Secretary_315 on 2024-11-12 19:08:35.

So for context I'm studying Computer Science at Secondary School (British high-school counterpart) and my teacher got me to try to enter this competition called cyber switch up or something and I actually managed to get 100% on the qualifier even though I am not that knowledgeable in this field compared to others. I'd expect it'd be about all the basic/intermediate stuff in general, nothing too complicated, as it is an age 11-18 competition. It's in 2 weeks' time; what do you guys think I should take a look at before it starts?

246
 
 
The original post: /r/cybersecurity by /u/DavidBrookslive on 2024-11-12 18:33:44.

I've noticed that some industries, like healthcare in certain regions, aren't as serious about cybersecurity, often due to budget constraints, lack of tech resources, or other reasons. For example, in the US, healthcare is generally seen as a challenging sector for cybersecurity professionals, with numerous posts discussing the struggles they face:

Sources:

  1. https://www.reddit.com/r/cybersecurity/comments/ut9epf/anyone_here_work_on_the_cybersecurity_side_of/
  2. https://www.reddit.com/r/cybersecurity/comments/1alxv4d/healthcare_security_is_a_nightmare_heres_why/
  3. https://www.reddit.com/r/cybersecurity/comments/uf9n7l/want_to_get_out_of_healthcare_is_cybersecurity/

However, I've noticed that cybersecurity emphasis seems to vary widely by industry and even by country. For instance, healthcare in certain European countries might take cybersecurity much more seriously. I’d love to get insights from the community:

Which countries and SMB industries (especially beyond healthcare) are prioritizing cybersecurity?

247
 
 
The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-12 18:29:56.
248
 
 
The original post: /r/cybersecurity by /u/Far-Improvement2790 on 2024-11-12 18:00:00.

Has anyone here made the change from a “comfy” government digital forensics position to SOC Analyst or IR in DOD contracting? Do you regret the move or are you happy? I know these answers will boil down to personal preference and long term goals but I just want to hear others’ experiences in this. I have a background in IT/system administration and I currently work in digital forensics for law enforcement.

249
 
 
The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-12 17:33:16.
250
 
 
The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-12 17:30:41.